In January of 2019, it was discovered that an online attacker had hacked Coinbase and processed over $1.1 million in what the cryptocurrency industry refers to as “double spends”. However, this is not the only incidence of blockchains being hacked since its increasing popularity on the market. In fact, since 2017 it is estimated that over $2 billion worth of cryptocurrency has been stolen by hackers. But, how have blockchains, which were once deemed as unhackable, become the latest source of fraudulent activity?
Two Documented Years of Hacking Activity
Since 2017, authorities have uncovered billions of dollars worth of stolen cryptocurrency due to online attackers. However, it is estimated that even more funds have been taken during this time. Two groups alone are suspected of profiting over $1 billion combined, but the extent of their reach, as well as others, is largely unknown. As the market for blockchain encryptions becomes larger and larger, it appears as though its vulnerability to hackers is also increasing. This could mean that the fraudulent activity associated with blockchain hacking is just beginning.
Why Hack a Blockchain?
A blockchain essentially serves as the history of a cryptocurrency platform’s transactions. As a new and unregulated form of currency, cryptocurrency is largely unprotected. So, when fraudulent transactions occur there are barely any protections in place to replenish the funds that are taken or track their history. This creates the ideal opportunity for experienced hackers looking to produce fraudulent transactions with very little risk. Yes, blockchains do offer unique security features that are not offered through traditional banking services, but they also lack quite a few of the basic protections that consumers have become accustomed to.
How are Blockchains Hacked?
Many of the recent blockchain hacking cases haven’t involved the actual blockchain being compromised, but rather the exchanges or platforms where consumers are able to buy, sell, and manage their cryptocurrency funds. This has more to do with the security of the actual websites that are being used to facilitate cryptocurrency and represents an unexpected vulnerability in this emerging industry. This means that millions of dollars of the billions expected stolen could simply be blamed on the poor security features of these platforms. However, in the January Coinbase hacking, this was not the case.
The Coinbase and Gate.io Hack
Instead of targeting exchanges, the hacker responsible for the Coinbase attack was able to penetrate 51% of the Coinbase computing network and rewrite the blockchain itself. With access to the blockchain and the ability to alter its data, the hacker was able to spend the same cryptocurrency more than once; This is referred to as “double spends”. In total, an estimated $1.1 million was spent, however Coinbase claims that none of these funds were actually stolen from the accounts. The same attacker also managed to employ the same scheme on Gate.io, which announced losses in a total of $200,000. In a strange turn of events, the attacker later returned half of those funds.
The Unique and Dangerous Role of “Miners”
In order to verify transactions, cryptocurrency exchanges employ “miners”. Essentially, miners sort through transaction data, add new information to the transaction database, and follow a strict protocol to complete the verification process. However, with this high level of power, miners can more easily gain control of the exchange’s network and create fraudulent transactions. For example, with access to an exchange database a miner could send funds to themselves or another individual and then alter the transaction history to make it look like the transfer never occurred. In theory, miners could access up to 51% of a blockchain network, which has helped coin the popular term “51% attacks” since 2018. Until cryptocurrency exchanges are able to create more advanced security procedures and verification protocols to address these concerns, it is suspected that the number of 51% attacks will only continue to rise.
New Cryptocurrency Concerns
Currently, a cryptocurrency blockchain network is run by a program called, the smart contract. This computer program automates cryptocurrency flow based on set rules, however it has lately been compromised to perform a whole new kind of fraudulent activity. The smart program can also facilitate legal contracts and financial transactions, and when hacked can be used to create false investor votes to allocate capital to a predetermined location. Since, the funds are then transferred with the hacker erasing any evidence within the blockchain that the transaction has occurred, it’s a difficult flaw to fix.
Can Cryptocurrency Be Made Safe?
Since the increasing numbers of blockchain hacking, many companies are emerging with the idea to combat cryptocurrency fraud with new technologies and strategies. However, they are still in a developmental state. Until new technology arises to the secure the cryptocurrency industry and it becomes more regulated, it seems that it will be increasingly vulnerable to hackers and fraudulent activities. With new forms of currency, come new forms of greed. It is just a question of how fast the exchanges and authorities involved can adapt to the weaknesses of the cryptocurrency market to reduce the defrauding of innocent consumers.
To learn more about this case, cryptocurrency, or other forms of financial fraud, contact Newman & Shapiro today!